BankInfoSecurity.com

Similar Fraud Rates Across Documents Reveal Weaknesses in Verification Workflows
One in 16 documents processed across financial institutions last year showed signs of manipulation, fabrication or misrepresentation. Most fraud teams want better document detection and tighter review queues. But financial institutions may be looking in the wrong place.

Top European Court Advisor Says Policy Should Be 'Refund Now, Sue Later'
Banks must promptly refund phishing victims when the scams lead to unauthorized transactions, an advisor to the European Union’s top court has said. The case in question involves an unnamed Polish woman who got duped on an online auction platform.

Company Says Limits Triggered Federal Retaliation, Which Violate Free Speech Rights
AI developer Anthropic sued the U.S. government alleging retaliation after it refused to allow its Claude models to support lethal autonomous warfare or mass surveillance of Americans. The suit claims federal agencies unlawfully banned the firm's technology and labeled it a national security risk.

AI Shutdown Risk Exposes Governance Gaps and Vendor Dependency Concerns
The federal government's recent decision to designate Anthropic, maker of the Claude AI platform, as a "supply-chain risk" should raise alarm bells for technology leaders who are tasked with embedding AI systems across the enterprise. Going all-in with a single AI vendor can be risky.

HIPAA Settlement Small Compared to Many Others
U.S. federal regulators fined a dental practice software vendor with a seemingly lowball financial penalty for a high-stakes 2020 hack affecting 15 million individuals that the company failed to report. Maryland-based MMG Fusion agreed to $10,000.

Researchers Tie UAT-9244 Intrusion to Famous Sparrow and Tropic Trooper
A China-linked cyberespionage group has been targeting telecommunications providers in South America since 2024 using a set of newly discovered malware tools designed to maintain persistent access to critical communications infrastructure, Cisco Talos researchers found.

Vendors Cite Global Teams as Iran War Raises Travel Questions From Israel
Several Israeli cybersecurity firms say they still plan to attend RSAC 2026 despite the Iran war. Companies including Orca Security, Check Point, Cyera and Radware say their global workforce structure allows them to maintain conference participation even if travel from Israel remains difficult.

Trump Signs Executive Order and Publishes Cyberspace Strategy
U.S. President Donald Trump signed Friday afternoon an executive order directing federal prosecutors, cyber defense officials and diplomats to ramp up efforts to combat cybercriminal gangs. Trump signed the order in tandem with publishing a five-page cybersecurity strategy.

Growing AI Investments Push Enterprises to Demand Accountability From Tech Vendors
Companies spent over $300 billion on artificial intelligence last year, yet most initiatives produced little measurable value. As skepticism grows, a new debate is emerging around accountability in enterprise technology contracts and whether vendors should share responsibility for outcomes.

Key Challenges in the Proposed HIPAA Security Rule Update
The HIPAA Security Rule may soon undergo its first major overhaul in decades. Although finalization could come as early as May 2026, timelines remain uncertain as new requirements are grounded in modern cybersecurity practices and frameworks.

Experts Urge Preparedness, Nonstop Vigilance, See Ongoing Risk of Online Reprisals
Seven days into the United States and Israel continuing "major combat operations" against Iran, Tehran continues to respond with kinetic attacks against neighboring countries. While no cyberattacks have emerged, experts see unpredictability and continue to urge caution, monitoring and preparedness.

Also: Anthropic Claude Code Security Impact on AppSec, RSAC Conference Preview
In this week's panel, four ISMG editors discuss the potential cyber spillover from escalating tensions in the Iran-Israel-U.S. conflict, the market disruption sparked by Anthropic's Claude Code Security launch and a preview of RSAC Conference 2026.

OT Experts Weigh In on SP-800 82 Revisions
Now is the moment for U.S. federal guidance on securing OT to plunge deeper into the practicalities of securing systems, an extension into actionable advise that reflects a maturing branch of cybersecurity, several OT security specialists told the national Institute of Standards and Technology.

More Code, More Problems - and More Testing
When Anthropic unveiled Claude Code Security late last month, investors were quick to punish traditional cybersecurity vendors. But analysts say the impact of Anthropic's new service will likely be more nuanced than indicated by early reactions.

New CEO John Heyman Says Enterprises Need Tools to Manage Thousands of AI Agents
New OneTrust CEO John Heyman said enterprises rapidly deploying generative AI will soon manage hundreds or thousands of AI agents across their organizations. They must monitor AI agents' data flows and third-party technologies as privacy risk and security oversight increasingly converge.

Also: Trojanized RedAlert App, Tycoon 2FA Takedown, CyberStrikeAI Attacks
This week, Cisco patches and hacks. Trojanized app targeted Israelis. Bye-bye, Tycoon 2FA. Also bye-bye LeakBase. A LexisNexis breach. Woman sentenced for trafficking Microsoft licenses. Silver Dragon targeted governments. Broadcom patch. A Mississippi medical clinic resumed operations.

Compromise Affects Healthcare Clients of Co.'s Revenue Cycle Management Services
Billing services vendor Trizetto Provider Solutions is notifying 3.4 million individuals of a hacking incident discovered in October 2025 that investigators have now determined started nearly a year earlier, when threat actors accessed the company's healthcare clients' insurance related data.